mindsphere / mindconnect-nodejs

NodeJS Library for Industrial IoT Connectivity - TypeScript SDK for Industrial IoT - Command Line Interface - Development Proxy - typescript-sdk is waiting for your contributions!
https://developer.siemens.com/industrial-iot-open-source/index.html
MIT License

[Snyk] Security upgrade cross-fetch from 3.1.4 to 3.1.5 #305

Closed snyk-bot closed 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| medium severity | 611/1000 (Why? Recently disclosed, Has a fix available, CVSS 6.5) | Information Exposure, SNYK-JS-NODEFETCH-2342118 | No | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: cross-fetch
The new version differs by 13 commits.
  • c6089df chore(release): 3.1.5
  • a3b3a94 chore: updated node-fetch version to 2.6.7 (#124)
  • efed703 chore: updated node-fetch version to 2.6.5
  • 694ff77 refactor: removed ora from dependencies
  • efc5956 refactor: added .vscode to .gitignore
  • da605d5 refactor: renamed test/fetch/ to test/fetch-api/ and test/module/ to test/module-system/
  • 0f0d51d chore: updated minor and patch versions of dev dependencies
  • c6e34ea refactor: removed sinon.js
  • f524a52 fix: yargs was incompatible with node 10
  • 7906fcf chore: updated dev dependencies
  • 24bc35a chore: added make browser task
  • 6baf09d chore: added closeOnExec param to ./bin/server
  • 80c46c1 chore: added exec param to ./bin/server

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

sn0wcat commented 2 years ago

will be done manually